RC-IKE-MIB DEFINITIONS ::= BEGIN
|
|
|
|
IMPORTS
|
|
MODULE-IDENTITY, OBJECT-TYPE, Integer32, Unsigned32
|
|
FROM SNMPv2-SMI
|
|
DisplayString, TruthValue, RowStatus
|
|
FROM SNMPv2-TC
|
|
InterfaceIndex, InterfaceIndexOrZero
|
|
FROM IF-MIB
|
|
rcIke, EnableValue
|
|
FROM RAPID-CITY
|
|
InetAddressType, InetAddress
|
|
FROM INET-ADDRESS-MIB;
|
|
|
|
rcIkeMib MODULE-IDENTITY
|
|
LAST-UPDATED "201710200000Z"
|
|
ORGANIZATION "Avaya"
|
|
CONTACT-INFO "Prem Palarapu
|
|
Postal: Avaya
|
|
600 Technology Park
|
|
Billerica, MA 01821
|
|
email: prempa@avaya.com
|
|
"
|
|
DESCRIPTION "Enterprise MIB for the IKE mibs."
|
|
|
|
REVISION "201710200000Z" -- 20 October 2017
|
|
DESCRIPTION "Version 16: Changed rcIkePolicyLocalIfIndex data type."
|
|
|
|
REVISION "201709120000Z" -- 12 September 2017
|
|
DESCRIPTION "Version 15: Added digitalCertificate(5) to rcIkeActiveSAAuthenticationMethod.
|
|
Corrected description for rcIkePolicyAuthenticationMethod and
|
|
rcIkeActiveSAAuthenticationMethod to reflect implementation."
|
|
|
|
REVISION "201702150000Z" -- 15 Feb 2017
|
|
DESCRIPTION "Version 14: Corrected MIB compiler errors."
|
|
|
|
REVISION "201611180000Z" -- 18 November 2016
|
|
DESCRIPTION "Version 13: Modified default value to keylen-256 for
|
|
rcIkeV2ProfileEncryptKeyLen.
|
|
Modified sha256(5) for rcIkeV2SAHashAlgorithm.
|
|
Modified desCbc(1) to desCbc(2), tripleDesCbc(2)
|
|
to tripleDesCbc(3), aesCbc(3) to aesCbc(12) for
|
|
rcIkeV2SAEncryptionAlgorithm.
|
|
Modified modp2048(3) to modp2048(14) for
|
|
rcIkeV2SADHGroup.
|
|
Modified sha256(3) to sha256(12), aes-xcbc(4) to
|
|
aes-xcbc(5) for rcIkeV2SAIntegrityAlgorithm.
|
|
Requested by Anjana Krishnankutty (shchang)"
|
|
|
|
|
|
REVISION "201610060000Z" -- 6 October 2016
|
|
DESCRIPTION "Version 12: Added rcIkePolicyPeerName.
|
|
Requested by Hariprasad Rajendran
|
|
(prempa)"
|
|
|
|
REVISION "201609200000Z" -- 20 September 2016
|
|
DESCRIPTION "Version 11: Changed the MAX-ACCESS of rcIkeActiveSAId
|
|
from read-only to not-accessible
|
|
(prempa)"
|
|
|
|
REVISION "201609200000Z" -- 20 September 2016
|
|
DESCRIPTION "Version 10: Added rcIkeV2ProfileTable, rcIkePolicyProfileVersion
|
|
and rcIkeV2SATable.
|
|
Requested by Anjana Krishnankutty (prempa)"
|
|
|
|
REVISION "201608100000Z" -- 10 August 2016
|
|
DESCRIPTION "Version 9: Changed the order of crl and ocsp in
|
|
rcIkePolicyRevocationCheckMethod
|
|
Based on how it was added in submit 29882 (prempa)"
|
|
|
|
REVISION "201608050000Z" -- 5 August 2016
|
|
DESCRIPTION "Version 8: Added rcIkeActiveSATable
|
|
Requested by Priyotosh Mondal (prempa)"
|
|
|
|
REVISION "201607290000Z" -- 29 July 2016
|
|
DESCRIPTION "Version 7: Added rcIkePolicyRevocationCheckMethod
|
|
Requested by Shreesh Patil (prempa)"
|
|
|
|
REVISION "201606270000Z" -- 27 June 2016
|
|
DESCRIPTION "Version 6: Added digitalCertificate (5) to rcIkePolicyAuthenticationMethod
|
|
Requested by Anjana Krishnankutty (prempa)"
|
|
|
|
REVISION "201605060000Z" -- 06 May 2016
|
|
DESCRIPTION "Version 5: Added aesCbc256(8) to rcIkeSAEncryptionAlgorithm.
|
|
Added aesCbc256(8) rcIkeProfileEncryptionAlgorithm"
|
|
|
|
REVISION "201201090000Z" -- 09 Jan 2012
|
|
DESCRIPTION "Version 4: Fixed the MIB module rcIkeMib"
|
|
|
|
REVISION "201106290000Z" -- 29 June 2011
|
|
DESCRIPTION "Version 3: Modified the syntax for
|
|
rcIkePolicyLocalAddr (from OCTET STRING to InetAddress),
|
|
rcIkePolicyLocalAddrType (from INTEGER to InetAddressType),
|
|
rcIkePolicyRemoteAddr (from OCTET STRING to InetAddress),
|
|
rcIkePolicyRemoteAddrType (from INTEGER to InetAddressType),
|
|
rcIkeSALocalAddr (from OCTET STRING to InetAddress),
|
|
rcIkeSALocalAddrType(from INTEGER to InetAddressType),
|
|
rcIkeSARemoteAddr (from OCTET STRING to InetAddress),
|
|
rcIkeSARemoteAddrType (from INTEGER to InetAddressType).
|
|
Added rcIkePolicyLocalAddrType and
|
|
rcIkePolicyRemoteAddrType as part of
|
|
index to the rcIkePolicyTable.
|
|
Added rcIkeSALocalAddrType and
|
|
rcIkeSARemoteAddrType as part of index
|
|
to the rcIkeSATable"
|
|
|
|
REVISION "201105270000Z" -- 27 May 2011
|
|
DESCRIPTION "Version 2: Removed rcIkeSARemainingLifetimeSeconds"
|
|
|
|
REVISION "201105260000Z" -- 26 May 2011
|
|
DESCRIPTION "Version 1: Generate File, Add rcIkeProfileTable,
|
|
rcIkePolicyTable and rcIkeSATable under rcIke."
|
|
::= { rcIke 0 }
|
|
--
|
|
-- IKE Profile Table
|
|
--
|
|
rcIkeProfileTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF RcIkeProfileEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "This table contains a list of profiles
|
|
consisting of algorithms and other
|
|
configuration that can be used during an
|
|
IKE Phase 1 connection."
|
|
::= { rcIke 1 }
|
|
|
|
rcIkeProfileEntry OBJECT-TYPE
|
|
SYNTAX RcIkeProfileEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "An entry containing configuration information
|
|
for authentication algorithms, encryption
|
|
algorithms, Diffie-Hellman group, exchange-mode
|
|
and lifetime-seconds to be used for a Phase 1
|
|
negotiation."
|
|
INDEX { rcIkeProfileName }
|
|
::= { rcIkeProfileTable 1 }
|
|
|
|
RcIkeProfileEntry ::=
|
|
SEQUENCE
|
|
{
|
|
rcIkeProfileName DisplayString,
|
|
rcIkeProfileHashAlgorithm INTEGER,
|
|
rcIkeProfileEncryptionAlgorithm INTEGER,
|
|
rcIkeProfileEncryptKeyLen INTEGER,
|
|
rcIkeProfileDHGroup INTEGER,
|
|
rcIkeProfileExchangeMode INTEGER,
|
|
rcIkeProfileLifetimeSeconds Unsigned32,
|
|
rcIkeProfileRowStatus RowStatus
|
|
}
|
|
|
|
rcIkeProfileName OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (1..32))
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "This object contains the name of this Profile."
|
|
::= { rcIkeProfileEntry 1 }
|
|
|
|
-- Hash algorithm(s) a profile may offer during IKE Phase 1 negotiation.
-- NOTE(review): md5(1) and sha(2) (presumably SHA-1) remain selectable, and
-- any(255) appears to let the peer's proposal decide, so a profile can end
-- up negotiating a hash weaker than the sha256 default. Audits of
-- configured rows should flag every value other than sha256(4).
rcIkeProfileHashAlgorithm OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
md5(1),
|
|
sha(2),
|
|
sha256(4),
|
|
any(255)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION "This object specifies the hash algorithms
|
|
that can be used during IKE Phase 1 SA
|
|
negotiation."
|
|
DEFVAL { sha256 }
|
|
::= { rcIkeProfileEntry 2 }
|
|
|
|
-- Encryption algorithm(s) a profile may offer during IKE Phase 1 negotiation.
-- NOTE(review): desCbc(1) (single DES) and tripleDesCbc(5) are still
-- selectable, and any(255) appears to accept whatever the peer proposes.
-- Single DES is not adequate protection for an IKE SA. Audits should flag
-- rows set to desCbc(1) or any(255), and the effective strength of the
-- aesCbc default also depends on rcIkeProfileEncryptKeyLen.
rcIkeProfileEncryptionAlgorithm OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
desCbc(1),
|
|
tripleDesCbc(5),
|
|
aesCbc(7),
|
|
aesCbc256(8),
|
|
any(255)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION "This object specifies the encryption
|
|
algorithms that can be used during IKE
|
|
Phase 1 SA negotiation."
|
|
DEFVAL { aesCbc }
|
|
::= { rcIkeProfileEntry 3 }
|
|
|
|
rcIkeProfileEncryptKeyLen OBJECT-TYPE
|
|
SYNTAX INTEGER (128|192|256)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION "This object specifies the key length
|
|
that should be used during IKE
|
|
Phase 1 SA negotiation."
|
|
DEFVAL { 128 }
|
|
::= { rcIkeProfileEntry 4 }
|
|
|
|
-- Diffie-Hellman group(s) a profile may offer during IKE Phase 1 negotiation.
-- NOTE(review): the default is modp1024, and modp768(1) is still selectable.
-- 768-bit and 1024-bit MODP groups are no longer regarded as adequate for
-- key exchange. Only modp2048(14) in this enumeration meets current
-- guidance, so new rows should set it explicitly instead of relying on the
-- DEFVAL. any(255) appears to leave the choice to negotiation. Confirm how
-- the agent resolves it.
rcIkeProfileDHGroup OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
modp768(1),
|
|
modp1024(2),
|
|
modp2048(14),
|
|
any(255)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION "This object specifies the Diffie-Hellman
|
|
groups that can be used during IKE Phase 1
|
|
SA negotiation."
|
|
DEFVAL { modp1024 }
|
|
::= { rcIkeProfileEntry 5 }
|
|
|
|
-- IKE Phase 1 exchange mode for a profile. The default is main(1).
-- NOTE(review): aggressive(2) is enumerated and the object is read-create,
-- while the DESCRIPTION says only main mode is supported. Confirm that the
-- agent rejects a SET to aggressive(2). Aggressive mode does not protect
-- peer identities and weakens pre-shared-key authentication, so a row
-- reporting aggressive(2) deserves investigation.
rcIkeProfileExchangeMode OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
main(1),
|
|
aggressive(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION "This object specifies the IKE Phase 1
|
|
negotiation mode. Only main mode is
|
|
supported for this release."
|
|
DEFVAL { main }
|
|
::= { rcIkeProfileEntry 6 }
|
|
|
|
-- Proposed lifetime, in seconds, of an IKE Phase 1 SA. The default is 86400.
-- NOTE(review): the full Unsigned32 range is accepted and 0 is documented
-- as "no expiration", so a row can request an SA that is never rekeyed.
-- Treat a value of 0, or a very large value, as a configuration finding.
-- The shorter the lifetime, the less traffic a single key protects.
rcIkeProfileLifetimeSeconds OBJECT-TYPE
|
|
SYNTAX Unsigned32 (0..4294967295)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION "This object specifies the amount of time to
|
|
propose an IKE Phase 1 SA remain valid during
|
|
IKE Phase 1 negotiation. A value of 0 means no
|
|
expiration."
|
|
DEFVAL { 86400 }
|
|
::= { rcIkeProfileEntry 7 }
|
|
|
|
rcIkeProfileRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION "This object is used to create or delete
|
|
entries in this table."
|
|
::= { rcIkeProfileEntry 8 }
|
|
|
|
--
|
|
-- IKE Policy Table
|
|
--
|
|
|
|
rcIkePolicyTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF RcIkePolicyEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "This table contains a list of IKE Phase 1
|
|
policy entries."
|
|
::= { rcIke 2 }
|
|
|
|
rcIkePolicyEntry OBJECT-TYPE
|
|
SYNTAX RcIkePolicyEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "."
|
|
INDEX { rcIkePolicyLocalIfIndex,
|
|
rcIkePolicyLocalAddrType,
|
|
rcIkePolicyLocalAddr,
|
|
rcIkePolicyRemoteAddrType,
|
|
rcIkePolicyRemoteAddr
|
|
}
|
|
::= { rcIkePolicyTable 1 }
|
|
|
|
RcIkePolicyEntry ::=
|
|
SEQUENCE
|
|
{
|
|
rcIkePolicyLocalIfIndex InterfaceIndexOrZero,
|
|
rcIkePolicyLocalAddrType InetAddressType,
|
|
rcIkePolicyLocalAddr InetAddress,
|
|
rcIkePolicyRemoteAddrType InetAddressType,
|
|
rcIkePolicyRemoteAddr InetAddress,
|
|
rcIkePolicyName DisplayString,
|
|
rcIkePolicyProfileName DisplayString,
|
|
rcIkePolicyAuthenticationMethod INTEGER,
|
|
rcIkePolicyPSKValue DisplayString,
|
|
rcIkePolicyDPDTimeout Unsigned32,
|
|
rcIkePolicyP2PFS EnableValue,
|
|
rcIkePolicyP2PfsUseIkeGroup EnableValue,
|
|
rcIkePolicyP2PfsDHGroup INTEGER,
|
|
rcIkePolicyAdminState EnableValue,
|
|
rcIkePolicyOperStatus INTEGER,
|
|
rcIkePolicyRowStatus RowStatus,
|
|
rcIkePolicyRevocationCheckMethod INTEGER,
|
|
rcIkePolicyProfileVersion INTEGER,
|
|
rcIkePolicyPeerName DisplayString
|
|
}
|
|
|
|
rcIkePolicyLocalIfIndex OBJECT-TYPE
|
|
SYNTAX InterfaceIndexOrZero
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "This object specifies the Interface Index
|
|
of the local address.
|
|
Only port and vlan if-index are supported
|
|
for this release.
|
|
When the value zero is specified on a SET, rcIkePolicyLocalIfIndex
|
|
will be obtained from an existing interface linked to rcIkePolicyLocalAddr,
|
|
if available."
|
|
::= { rcIkePolicyEntry 1 }
|
|
|
|
rcIkePolicyLocalAddrType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "This object specifies the type of address
|
|
field in the rcIkePolicyLocalAddr.
|
|
Only IPv6 address types are supported for
|
|
this release."
|
|
::= { rcIkePolicyEntry 2 }
|
|
|
|
rcIkePolicyLocalAddr OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "This object specifies the string
|
|
representation of the local peer ID.
|
|
The type of value configured for this
|
|
object is specified by the
|
|
rcIkePolicyLocalAddrType."
|
|
::= { rcIkePolicyEntry 3 }
|
|
|
|
rcIkePolicyRemoteAddrType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "This object specifies the type of address
|
|
field in the rcIkePolicyRemoteAddr.
|
|
Only IPv6 address types are supported for
|
|
this release."
|
|
::= { rcIkePolicyEntry 4 }
|
|
|
|
rcIkePolicyRemoteAddr OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "This object specifies the string
|
|
representation of the remote peer ID.
|
|
The type of value configured for this
|
|
object is specified by the
|
|
rcIkePolicyRemoteAddrType."
|
|
::= { rcIkePolicyEntry 5 }
|
|
|
|
rcIkePolicyName OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE(1..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION "This object specifies the name given to the policy.
|
|
The name should be assigned during creation of
|
|
the policy. Changing the name after the policy
|
|
is created is not allowed."
|
|
::= { rcIkePolicyEntry 6 }
|
|
|
|
rcIkePolicyProfileName OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (1..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION "This object specifies the name of the profile
|
|
(rcIkeProfileName) that should be used for
|
|
this policy."
|
|
::= { rcIkePolicyEntry 7 }
|
|
|
|
rcIkePolicyAuthenticationMethod OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
preSharedKey(1),
|
|
dssSignatures(2),
|
|
rsaSignatures(3),
|
|
encryptionWithRsa(4),
|
|
digitalCertificate(5)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION "This object specifies the proposed
|
|
authentication method for the phase 1
|
|
security association."
|
|
DEFVAL { preSharedKey }
|
|
::= { rcIkePolicyEntry 8 }
|
|
|
|
-- IKE pre-shared key for a policy, held as a DisplayString of 0 to 32
-- characters.
-- NOTE(review): MAX-ACCESS is read-create, so as declared the secret can be
-- retrieved by any SNMP principal whose view includes this column. This
-- module does not say whether the agent masks the value on a GET or a walk.
-- Confirm against the implementation. Until that is confirmed, exclude this
-- column from read views (VACM) and allow access only over SNMPv3 with
-- authentication and privacy, since SNMPv1/v2c would carry the key in
-- clear text. The 32-character ceiling also bounds the entropy of the key.
rcIkePolicyPSKValue OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION "This object specifies the value of the
|
|
Pre-Shared Key if the authentication method
|
|
is set to PSK."
|
|
::= { rcIkePolicyEntry 9 }
|
|
|
|
rcIkePolicyDPDTimeout OBJECT-TYPE
|
|
SYNTAX Unsigned32 (0..4294967295)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION "This object specifies the Dead Peer
|
|
Detection timeout in seconds."
|
|
DEFVAL { 300 }
|
|
::= { rcIkePolicyEntry 10 }
|
|
|
|
-- Enables or disables perfect forward secrecy when keys are refreshed.
-- NOTE(review): the DEFVAL is disable, so a policy created without setting
-- this object runs without PFS. Phase 2 keys then depend on the phase 1
-- keying material, and a later compromise of that material exposes the
-- protected traffic. Set enable explicitly on new rows and flag existing
-- rows that report disable.
rcIkePolicyP2PFS OBJECT-TYPE
|
|
SYNTAX EnableValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION "This object specifies whether or not perfect
|
|
forward secrecy is used when refreshing keys.
|
|
Enable indicates that PFS SHOULD be used."
|
|
DEFVAL { disable }
|
|
::= { rcIkePolicyEntry 11 }
|
|
|
|
rcIkePolicyP2PfsUseIkeGroup OBJECT-TYPE
|
|
SYNTAX EnableValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION "This object specifies whether or not to use
|
|
the same GroupId (Diffie-Hellman Group) for
|
|
phase 2 as was used in phase 1. If P2PFS is
|
|
disabled, this entry SHOULD be ignored."
|
|
DEFVAL { enable }
|
|
::= { rcIkePolicyEntry 12 }
|
|
|
|
rcIkePolicyP2PfsDHGroup OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
modp768(1),
|
|
modp1024(2),
|
|
modp2048(14),
|
|
any(255)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION "This object specifies the Diffie-Hellman group
|
|
to use for phase 2 when the object
|
|
rcIkePolicyP2PFS is enabled and the object
|
|
rcIkePolicyP2PfsUseIkeGroup is disabled."
|
|
DEFVAL { modp1024 }
|
|
::= { rcIkePolicyEntry 13 }
|
|
|
|
rcIkePolicyAdminState OBJECT-TYPE
|
|
SYNTAX EnableValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION "This object specifies whether the policy
|
|
is administratively enabled or disabled."
|
|
DEFVAL { disable }
|
|
::= { rcIkePolicyEntry 14 }
|
|
|
|
rcIkePolicyOperStatus OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
up(1),
|
|
down(2)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "This object specifies whether the policy
|
|
is operationally up or down."
|
|
::= { rcIkePolicyEntry 15 }
|
|
|
|
rcIkePolicyRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION "This object is used to create or delete
|
|
entries in this table."
|
|
::= { rcIkePolicyEntry 16 }
|
|
|
|
|
|
-- Revocation-check method used when the policy authenticates with digital
-- certificates. The default is crl(1).
-- NOTE(review): none(3) presumably turns revocation checking off, in which
-- case a revoked peer certificate would still be accepted. Confirm the
-- agent's behaviour, and report rows set to none(3) on any policy whose
-- rcIkePolicyAuthenticationMethod is digitalCertificate(5).
rcIkePolicyRevocationCheckMethod OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
crl(1),
|
|
ocsp(2),
|
|
none(3)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION "This object specifies the proposed
|
|
revocation-check method for digital-certificate
|
|
type authentication-method."
|
|
DEFVAL { crl }
|
|
::= { rcIkePolicyEntry 17 }
|
|
|
|
rcIkePolicyProfileVersion OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
v1(1),
|
|
v2(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION "This object maps to the version
|
|
of ike profile selected. Default value of
|
|
this object is version 1 (v1)"
|
|
DEFVAL {v1}
|
|
::= { rcIkePolicyEntry 18 }
|
|
|
|
rcIkePolicyPeerName OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..64))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION "This object specifies the value of the
|
|
Peer name if the authentication method
|
|
is set to digital certificate."
|
|
::= { rcIkePolicyEntry 19 }
|
|
|
|
--
|
|
-- IKE Phase I SA Table
|
|
--
|
|
|
|
rcIkeSATable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF RcIkeSAEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "This table contains a list of IKE Phase 1
|
|
Security Association entries."
|
|
::= { rcIke 3 }
|
|
|
|
rcIkeSAEntry OBJECT-TYPE
|
|
SYNTAX RcIkeSAEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "."
|
|
INDEX { rcIkeSALocalIfIndex,
|
|
rcIkeSALocalAddrType,
|
|
rcIkeSALocalAddr,
|
|
rcIkeSARemoteAddrType,
|
|
rcIkeSARemoteAddr }
|
|
::= { rcIkeSATable 1 }
|
|
|
|
RcIkeSAEntry ::=
|
|
SEQUENCE
|
|
{
|
|
rcIkeSALocalIfIndex InterfaceIndex,
|
|
rcIkeSALocalAddrType InetAddressType,
|
|
rcIkeSALocalAddr InetAddress,
|
|
rcIkeSARemoteAddrType InetAddressType,
|
|
rcIkeSARemoteAddr InetAddress,
|
|
rcIkeSAName DisplayString,
|
|
rcIkeSAAuthenticationMethod INTEGER,
|
|
rcIkeSADPDTimeout Unsigned32,
|
|
rcIkeSAHashAlgorithm INTEGER,
|
|
rcIkeSAEncryptionAlgorithm INTEGER,
|
|
rcIkeSAEncryptKeyLen INTEGER,
|
|
rcIkeSADHGroup INTEGER,
|
|
rcIkeSAExchangeMode INTEGER,
|
|
rcIkeSALifetimeSeconds Unsigned32,
|
|
rcIkeSAStatus INTEGER
|
|
}
|
|
|
|
rcIkeSALocalIfIndex OBJECT-TYPE
|
|
SYNTAX InterfaceIndex
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "This object specifies the interface index
|
|
of the local address.
|
|
Only port and vlan if-index are supported
|
|
for this release."
|
|
::= { rcIkeSAEntry 1 }
|
|
|
|
rcIkeSALocalAddrType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "This object specifies the type of address
|
|
field in the rcIkeSALocalAddr.
|
|
Only IPv6 address types are supported for
|
|
this release."
|
|
::= { rcIkeSAEntry 2 }
|
|
|
|
rcIkeSALocalAddr OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "This object specifies the string representation
|
|
of the local peer ID. The type of value
|
|
configured for this object is specified by the
|
|
rcIkeSALocalAddrType."
|
|
::= { rcIkeSAEntry 3 }
|
|
|
|
rcIkeSARemoteAddrType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "This object specifies the type of address
|
|
field in the rcIkeSARemoteAddr.
|
|
Only IPv6 address types are supported for
|
|
this release."
|
|
::= { rcIkeSAEntry 4 }
|
|
|
|
rcIkeSARemoteAddr OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "This object specifies the string representation
|
|
of the remote peer ID. The type of value
|
|
configured for this object is specified by the
|
|
rcIkeSARemoteAddrType."
|
|
::= { rcIkeSAEntry 5 }
|
|
|
|
rcIkeSAName OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE(1..32))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "This object specifies the name for the SA."
|
|
::= { rcIkeSAEntry 6 }
|
|
|
|
rcIkeSAAuthenticationMethod OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
preSharedKey(1),
|
|
dssSignatures(2),
|
|
rsaSignatures(3),
|
|
encryptionWithRsa(4)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "This object specifies the proposed
|
|
authentication method for the phase 1
|
|
security association.
|
|
Only the Pre-Shared Key authentication
|
|
method is supported in this release."
|
|
DEFVAL { preSharedKey }
|
|
::= { rcIkeSAEntry 7 }
|
|
|
|
rcIkeSADPDTimeout OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "This object specifies the Dead Peer
|
|
Detection timeout in seconds."
|
|
::= { rcIkeSAEntry 8 }
|
|
|
|
rcIkeSAHashAlgorithm OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
md5(1),
|
|
sha(2),
|
|
sha256(4)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "This object specifies the hash algorithm
|
|
negotiated for this IKE Phase 1 SA."
|
|
::= { rcIkeSAEntry 9 }
|
|
|
|
rcIkeSAEncryptionAlgorithm OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
desCbc(1),
|
|
tripleDesCbc(5),
|
|
aesCbc(7),
|
|
aesCbc256(8)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "This object specifies the encryption
|
|
algorithm negotiated for this IKE Phase 1 SA."
|
|
::= { rcIkeSAEntry 10 }
|
|
|
|
rcIkeSAEncryptKeyLen OBJECT-TYPE
|
|
SYNTAX INTEGER (128|192|256)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "This object specifies the encryption
|
|
key length negotiated for this IKE Phase 1 SA."
|
|
::= { rcIkeSAEntry 11 }
|
|
|
|
rcIkeSADHGroup OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
modp768(1),
|
|
modp1024(2),
|
|
modp2048(14)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "This object specifies the Diffie-Hellman
|
|
group negotiated for this IKE Phase 1 SA."
|
|
::= { rcIkeSAEntry 12 }
|
|
|
|
rcIkeSAExchangeMode OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
main(1),
|
|
aggressive(2)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "This object specifies the IKE Phase 1 SA mode."
|
|
::= { rcIkeSAEntry 13 }
|
|
|
|
rcIkeSALifetimeSeconds OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "This object specifies the amount of time to
|
|
propose an IKE Phase 1 SA remain valid during
|
|
IKE Phase 1 negotiation. A value of 0 means
|
|
no expiration."
|
|
::= { rcIkeSAEntry 14 }
|
|
|
|
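-- Operational state of an IKE Phase 1 SA in rcIkeSATable.
-- The DESCRIPTION previously repeated the rcIkeSALifetimeSeconds text
-- (a lifetime in seconds, 0 meaning no expiration), which does not match
-- the inactive/active enumeration this object returns. It now describes
-- the enumeration. The OID, SYNTAX and access level are unchanged.
rcIkeSAStatus OBJECT-TYPE
    SYNTAX          INTEGER
                    {
                        inactive(1),
                        active(2)
                    }
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION     "This object specifies whether this IKE Phase 1
                    SA is inactive or active."
    ::= { rcIkeSAEntry 15 }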
|
|
|
|
|
|
-- IKE ACTIVE SA TABLE
|
|
|
|
rcIkeActiveSATable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF RcIkeActiveSAEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "This table contains a list of IKE Phase 1
|
|
Security Association entries. This table
|
|
obsoletes rcIkeSATable"
|
|
::= { rcIke 4 }
|
|
|
|
rcIkeActiveSAEntry OBJECT-TYPE
|
|
SYNTAX RcIkeActiveSAEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "."
|
|
INDEX { rcIkeActiveSAId,
|
|
rcIkeActiveSALocalIfIndex,
|
|
rcIkeActiveSALocalAddrType,
|
|
rcIkeActiveSALocalAddr,
|
|
rcIkeActiveSARemoteAddrType,
|
|
rcIkeActiveSARemoteAddr
|
|
}
|
|
::= { rcIkeActiveSATable 1 }
|
|
|
|
RcIkeActiveSAEntry ::=
|
|
SEQUENCE
|
|
{
|
|
rcIkeActiveSAId Integer32,
|
|
rcIkeActiveSALocalIfIndex InterfaceIndex,
|
|
rcIkeActiveSALocalAddrType InetAddressType,
|
|
rcIkeActiveSALocalAddr InetAddress,
|
|
rcIkeActiveSARemoteAddrType InetAddressType,
|
|
rcIkeActiveSARemoteAddr InetAddress,
|
|
rcIkeActiveSAName DisplayString,
|
|
rcIkeActiveSAAuthenticationMethod INTEGER,
|
|
rcIkeActiveSADPDTimeout Unsigned32,
|
|
rcIkeActiveSAHashAlgorithm INTEGER,
|
|
rcIkeActiveSAEncryptionAlgorithm INTEGER,
|
|
rcIkeActiveSAEncryptKeyLen INTEGER,
|
|
rcIkeActiveSADHGroup INTEGER,
|
|
rcIkeActiveSAExchangeMode INTEGER,
|
|
rcIkeActiveSALifetimeSeconds Unsigned32,
|
|
rcIkeActiveSAStatus INTEGER,
|
|
rcIkeActiveSAInitiator INTEGER
|
|
}
|
|
|
|
rcIkeActiveSAId OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "This object specifies the unique ID of a SA"
|
|
::= { rcIkeActiveSAEntry 1 }
|
|
|
|
rcIkeActiveSALocalIfIndex OBJECT-TYPE
|
|
SYNTAX InterfaceIndex
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "This object specifies the interface index
|
|
of the local address.
|
|
Only port and vlan if-index are supported
|
|
for this release."
|
|
::= { rcIkeActiveSAEntry 2 }
|
|
|
|
rcIkeActiveSALocalAddrType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "This object specifies the type of address
|
|
field in the rcIkeActiveSALocalAddr.
|
|
Only IPv6 address types are supported for
|
|
this release."
|
|
::= { rcIkeActiveSAEntry 3 }
|
|
|
|
rcIkeActiveSALocalAddr OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "This object specifies the string representation
|
|
of the local peer ID. The type of value
|
|
configured for this object is specified by the
|
|
rcIkeActiveSALocalAddrType."
|
|
::= { rcIkeActiveSAEntry 4 }
|
|
|
|
rcIkeActiveSARemoteAddrType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "This object specifies the type of address
|
|
field in the rcIkeActiveSARemoteAddr.
|
|
Only IPv6 address types are supported for
|
|
this release."
|
|
::= { rcIkeActiveSAEntry 5 }
|
|
|
|
rcIkeActiveSARemoteAddr OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "This object specifies the string representation
|
|
of the remote peer ID. The type of value
|
|
configured for this object is specified by the
|
|
rcIkeActiveSARemoteAddrType."
|
|
::= { rcIkeActiveSAEntry 6 }
|
|
|
|
rcIkeActiveSAName OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE(1..32))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "This object specifies the name for the SA."
|
|
::= { rcIkeActiveSAEntry 7 }
|
|
|
|
rcIkeActiveSAAuthenticationMethod OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
preSharedKey(1),
|
|
dssSignatures(2),
|
|
rsaSignatures(3),
|
|
encryptionWithRsa(4),
|
|
digitalCertificate(5)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "This object specifies the proposed
|
|
authentication method for the phase 1
|
|
security association."
|
|
DEFVAL { preSharedKey }
|
|
::= { rcIkeActiveSAEntry 8 }
|
|
|
|
rcIkeActiveSADPDTimeout OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "This object specifies the Dead Peer
|
|
Detection timeout in seconds."
|
|
::= { rcIkeActiveSAEntry 9 }
|
|
|
|
rcIkeActiveSAHashAlgorithm OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
md5(1),
|
|
sha(2),
|
|
sha256(4)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "This object specifies the hash algorithm
|
|
negotiated for this IKE Phase 1 SA."
|
|
::= { rcIkeActiveSAEntry 10 }
|
|
|
|
rcIkeActiveSAEncryptionAlgorithm OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
desCbc(1),
|
|
tripleDesCbc(5),
|
|
aesCbc(7)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "This object specifies the encryption
|
|
algorithm negotiated for this IKE Phase 1 SA."
|
|
::= { rcIkeActiveSAEntry 11 }
|
|
|
|
rcIkeActiveSAEncryptKeyLen OBJECT-TYPE
|
|
SYNTAX INTEGER (128|192|256)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "This object specifies the encryption
|
|
key length negotiated for this IKE Phase 1 SA."
|
|
::= { rcIkeActiveSAEntry 12 }
|
|
|
|
rcIkeActiveSADHGroup OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
modp768(1),
|
|
modp1024(2),
|
|
modp2048(14)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "This object specifies the Diffie-Hellman
|
|
group negotiated for this IKE Phase 1 SA."
|
|
::= { rcIkeActiveSAEntry 13 }
|
|
|
|
rcIkeActiveSAExchangeMode OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
main(1),
|
|
aggressive(2)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "This object specifies the IKE Phase 1 SA mode."
|
|
::= { rcIkeActiveSAEntry 14 }
|
|
|
|
rcIkeActiveSALifetimeSeconds OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "This object specifies the amount of time to
|
|
propose an IKE Phase 1 SA remain valid during
|
|
IKE Phase 1 negotiation. A value of 0 means
|
|
no expiration."
|
|
::= { rcIkeActiveSAEntry 15 }
|
|
|
|
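-- Operational state of an IKE Phase 1 SA in rcIkeActiveSATable.
-- The DESCRIPTION previously repeated the rcIkeActiveSALifetimeSeconds text
-- (a lifetime in seconds, 0 meaning no expiration), which does not match
-- the inactive/active enumeration this object returns. It now describes
-- the enumeration. The OID, SYNTAX and access level are unchanged.
rcIkeActiveSAStatus OBJECT-TYPE
    SYNTAX          INTEGER
                    {
                        inactive(1),
                        active(2)
                    }
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION     "This object specifies whether this IKE Phase 1
                    SA is inactive or active."
    ::= { rcIkeActiveSAEntry 16 }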
|
|
|
|
rcIkeActiveSAInitiator OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
initiator(1),
|
|
responder(2)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "This object specifies whether the SA was
|
|
created by an Initiator or a Responder"
|
|
::= { rcIkeActiveSAEntry 17 }
|
|
|
|
-- IKEv2 Profile Table
|
|
|
|
rcIkeV2ProfileTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF RcIkeV2ProfileEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "This table contains a list of Ike v2 profiles
|
|
consisting of algorithms and other
|
|
configuration that can be used during an
|
|
IKE connection."
|
|
::= { rcIke 5 }
|
|
|
|
rcIkeV2ProfileEntry OBJECT-TYPE
|
|
SYNTAX RcIkeV2ProfileEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "An entry containing configuration information
|
|
for authentication algorithms, encryption
|
|
algorithms, Diffie-Hellman group, exchange-mode
|
|
and lifetime-seconds to be used for
|
|
negotiation."
|
|
INDEX { rcIkeV2ProfileName }
|
|
::= { rcIkeV2ProfileTable 1 }
|
|
|
|
RcIkeV2ProfileEntry ::= SEQUENCE
|
|
{
|
|
rcIkeV2ProfileName DisplayString,
|
|
rcIkeV2ProfileHashAlgorithm BITS,
|
|
rcIkeV2ProfileEncryptionAlgorithm BITS,
|
|
rcIkeV2ProfileEncryptKeyLen BITS,
|
|
rcIkeV2ProfileDHGroup BITS,
|
|
rcIkeV2ProfileExchangeMode INTEGER,
|
|
rcIkeV2ProfileLifetimeSeconds Unsigned32,
|
|
rcIkeV2ProfileIntegrityAlgorithm BITS,
|
|
rcIkeV2ProfileRowStatus RowStatus
|
|
}
|
|
rcIkeV2ProfileName OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (1..32))
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "This object contains the name of this Profile."
|
|
::= { rcIkeV2ProfileEntry 1 }
|
|
|
|
rcIkeV2ProfileHashAlgorithm OBJECT-TYPE
|
|
SYNTAX BITS
|
|
{
|
|
md5(0),
|
|
sha(1),
|
|
sha256(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION "This object specifies the hash algorithms
|
|
that can be used during IKE SA
|
|
negotiation.
|
|
It is represented in form of bits as follows-
|
|
bit 0 - md5
|
|
bit 1 - sha
|
|
bit 2 - sha256"
|
|
DEFVAL { {sha256} }
|
|
::= { rcIkeV2ProfileEntry 2 }
|
|
|
|
rcIkeV2ProfileEncryptionAlgorithm OBJECT-TYPE
|
|
SYNTAX BITS
|
|
{
|
|
desCbc(0),
|
|
tripleDesCbc(1),
|
|
aesCbc(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION "This object specifies the encryption
|
|
algorithms that can be used during IKE
|
|
SA negotiation.
|
|
It is represented in form of bits as follows-
|
|
bit 0 - desCbc
|
|
bit 1 - tripleDesCbc
|
|
bit 2 - aesCbc"
|
|
DEFVAL { {aesCbc} }
|
|
::= { rcIkeV2ProfileEntry 3 }
|
|
|
|
rcIkeV2ProfileEncryptKeyLen OBJECT-TYPE
|
|
SYNTAX BITS {
|
|
keylen-128(0),
|
|
keylen-192(1),
|
|
keylen-256(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION "This object specifies the key length
|
|
that should be used during IKE
|
|
SA negotiation.
|
|
It is represented in form of bits as follows-
|
|
bit 0 - keylen-128
|
|
bit 1 - keylen-192
|
|
bit 2 - keylen-256"
|
|
DEFVAL { {keylen-256} }
|
|
::= { rcIkeV2ProfileEntry 4 }
|
|
|
|
-- Diffie-Hellman group(s) an IKEv2 profile may offer, encoded as a BITS
-- set (bit 0 modp768, bit 1 modp1024, bit 2 modp2048).
-- NOTE(review): the DEFVAL sets only modp1024, and modp768 can still be
-- enabled. 768-bit and 1024-bit MODP groups are no longer regarded as
-- adequate for key exchange, so new rows should set the modp2048 bit
-- explicitly. Because this is a bit set, a row may enable several groups at
-- once, and an audit should check that no weak bit is set alongside
-- modp2048.
rcIkeV2ProfileDHGroup OBJECT-TYPE
|
|
SYNTAX BITS
|
|
{
|
|
modp768(0),
|
|
modp1024(1),
|
|
modp2048(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION "This object specifies the Diffie-Hellman
|
|
groups that can be used during IKE
|
|
SA negotiation.
|
|
It is represented in form of bits as follows -
|
|
bit 0 - modp768
|
|
bit 1 - modp1024
|
|
bit 2 - modp2048"
|
|
DEFVAL { {modp1024} }
|
|
::= { rcIkeV2ProfileEntry 5 }
|
|
|
|
rcIkeV2ProfileExchangeMode OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
main(1),
|
|
aggressive(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION "This object specifies the IKE
|
|
negotiation mode. Only main mode is
|
|
supported for this release."
|
|
DEFVAL { main }
|
|
::= { rcIkeV2ProfileEntry 6 }
|
|
|
|
rcIkeV2ProfileLifetimeSeconds OBJECT-TYPE
|
|
SYNTAX Unsigned32 (0..4294967295)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION "This object specifies the amount of time to
|
|
propose an IKE SA remain valid during
|
|
IKE negotiation. A value of 0 means no
|
|
expiration."
|
|
DEFVAL { 86400 }
|
|
::= { rcIkeV2ProfileEntry 7 }
|
|
|
|
|
|
rcIkeV2ProfileIntegrityAlgorithm OBJECT-TYPE
|
|
SYNTAX BITS
|
|
{
|
|
md5 (0),
|
|
sha1 (1),
|
|
sha256 (2),
|
|
aes-xcbc(3)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION "This object specifies the integrity algorithms
|
|
that can be used during IKE SA
|
|
negotiation.
|
|
It is represented in form of bits as follows -
|
|
bit 0 - md5
|
|
bit 1 - sha1
|
|
bit 2 - sha256
|
|
bit 3 - aes-xcbc"
|
|
DEFVAL { {sha256} }
|
|
::= { rcIkeV2ProfileEntry 8 }
|
|
|
|
rcIkeV2ProfileRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION "This object is used to create or delete
|
|
entries in this table."
|
|
::= { rcIkeV2ProfileEntry 9 }
|
|
|
|
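-- IKEv2 SA TABLE
-- Objects in this table are read-only or not-accessible (index) and
-- report the parameters of each IKEv2 SA.
-- The algorithm objects here are INTEGER enumerations whose values differ
-- from the BITS positions used in the IKEv2 profile table (for example,
-- modp2048 is bit 2 in rcIkeV2ProfileDHGroup but value 14 in
-- rcIkeV2SADHGroup), so the two must not be decoded with the same mapping.
-- For monitoring: an SA reporting desCbc, md5, modp768 or modp1024 is
-- running with legacy-strength parameters. rcIkeV2ProfileDHGroup defaults
-- to modp1024, so rcIkeV2SADHGroup = modp1024(2) may indicate a profile
-- that was left at its default.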
|
|
|
|
rcIkeV2SATable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF RcIkeV2SAEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "This table contains a list of IKE V2
|
|
Security Association entries."
|
|
::= { rcIke 6 }
|
|
|
|
rcIkeV2SAEntry OBJECT-TYPE
|
|
SYNTAX RcIkeV2SAEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
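DESCRIPTION "An entry in the IKE V2 Security Association table, identified by the SA ID, the local interface index, and the local and remote addresses."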
|
|
INDEX { rcIkeV2SAId,
|
|
rcIkeV2SALocalIfIndex,
|
|
rcIkeV2SALocalAddrType,
|
|
rcIkeV2SALocalAddr,
|
|
rcIkeV2SARemoteAddrType,
|
|
rcIkeV2SARemoteAddr
|
|
}
|
|
::= { rcIkeV2SATable 1 }
|
|
|
|
RcIkeV2SAEntry ::=
|
|
SEQUENCE
|
|
{
|
|
rcIkeV2SAId Integer32,
|
|
rcIkeV2SALocalIfIndex InterfaceIndex,
|
|
rcIkeV2SALocalAddrType InetAddressType,
|
|
rcIkeV2SALocalAddr InetAddress,
|
|
rcIkeV2SARemoteAddrType InetAddressType,
|
|
rcIkeV2SARemoteAddr InetAddress,
|
|
rcIkeV2SAName DisplayString,
|
|
rcIkeV2SAAuthenticationMethod INTEGER,
|
|
rcIkeV2SADPDTimeout Unsigned32,
|
|
rcIkeV2SAHashAlgorithm INTEGER,
|
|
rcIkeV2SAEncryptionAlgorithm INTEGER,
|
|
rcIkeV2SAEncryptKeyLen INTEGER,
|
|
rcIkeV2SADHGroup INTEGER,
|
|
rcIkeV2SAExchangeMode INTEGER,
|
|
rcIkeV2SALifetimeSeconds Unsigned32,
|
|
rcIkeV2SAStatus INTEGER,
|
|
rcIkeV2SAInitiator INTEGER,
|
|
rcIkeV2SAIntegrityAlgorithm INTEGER
|
|
}
|
|
|
|
rcIkeV2SAId OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "This object specifies the unique ID of an SA."
|
|
::= { rcIkeV2SAEntry 1 }
|
|
|
|
|
|
rcIkeV2SALocalIfIndex OBJECT-TYPE
|
|
SYNTAX InterfaceIndex
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "This object specifies the interface index
|
|
of the local address.
|
|
Only port and vlan if-index are supported
|
|
for this release."
|
|
::= { rcIkeV2SAEntry 2 }
|
|
|
|
rcIkeV2SALocalAddrType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "This object specifies the type of address
|
|
field in the rcIkeV2SALocalAddr.
|
|
Only IPv6 address types are supported for
|
|
this release."
|
|
::= { rcIkeV2SAEntry 3 }
|
|
|
|
rcIkeV2SALocalAddr OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "This object specifies the string representation
|
|
of the local peer ID. The type of value
|
|
configured for this object is specified by the
|
|
rcIkeV2SALocalAddrType."
|
|
::= { rcIkeV2SAEntry 4 }
|
|
|
|
rcIkeV2SARemoteAddrType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "This object specifies the type of address
|
|
field in the rcIkeV2SARemoteAddr.
|
|
Only IPv6 address types are supported for
|
|
this release."
|
|
::= { rcIkeV2SAEntry 5 }
|
|
|
|
rcIkeV2SARemoteAddr OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "This object specifies the string representation
|
|
of the remote peer ID. The type of value
|
|
configured for this object is specified by the
|
|
rcIkeV2SARemoteAddrType."
|
|
::= { rcIkeV2SAEntry 6 }
|
|
|
|
rcIkeV2SAName OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE(1..32))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "This object specifies the name for the SA."
|
|
::= { rcIkeV2SAEntry 7 }
|
|
|
|
rcIkeV2SAAuthenticationMethod OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
preSharedKey(1),
|
|
dssSignatures(2),
|
|
rsaSignatures(3),
|
|
encryptionWithRsa(4)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "This object specifies the proposed
|
|
authentication method for the phase 1
|
|
security association.
|
|
Only the Pre-Shared Key authentication
|
|
method is supported in this release."
|
|
DEFVAL { preSharedKey }
|
|
::= { rcIkeV2SAEntry 8 }
|
|
|
|
rcIkeV2SADPDTimeout OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "This object specifies the Dead Peer
|
|
Detection timeout in seconds."
|
|
::= { rcIkeV2SAEntry 9 }
|
|
|
|
rcIkeV2SAHashAlgorithm OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
md5(1),
|
|
sha(2),
|
|
sha256(5)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "This object specifies the hash algorithm
|
|
negotiated for this IKEv2 SA."
|
|
::= { rcIkeV2SAEntry 10 }
|
|
|
|
rcIkeV2SAEncryptionAlgorithm OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
desCbc(2),
|
|
tripleDesCbc(3),
|
|
aesCbc(12)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "This object specifies the encryption
|
|
algorithm negotiated for this IKEv2 SA."
|
|
::= { rcIkeV2SAEntry 11 }
|
|
|
|
rcIkeV2SAEncryptKeyLen OBJECT-TYPE
|
|
SYNTAX INTEGER (128|192|256)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "This object specifies the encryption
|
|
key length negotiated for this IKE V2 SA."
|
|
::= { rcIkeV2SAEntry 12 }
|
|
|
|
rcIkeV2SADHGroup OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
modp768(1),
|
|
modp1024(2),
|
|
modp2048(14)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "This object specifies the Diffie-Hellman
|
|
group negotiated for this IKE V2 SA."
|
|
::= { rcIkeV2SAEntry 13 }
|
|
|
|
rcIkeV2SAExchangeMode OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
main(1),
|
|
aggressive(2)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "This object specifies the IKE V2 SA mode."
|
|
::= { rcIkeV2SAEntry 14 }
|
|
|
|
rcIkeV2SALifetimeSeconds OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "This object specifies the lifetime, in seconds,
proposed for this IKE V2 SA during IKE
negotiation. A value of 0 means no expiration."
|
|
::= { rcIkeV2SAEntry 15 }
|
|
|
|
rcIkeV2SAStatus OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
inactive(1),
|
|
active(2)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "This object specifies the current status of
the IKE V2 SA, either inactive or active."
|
|
::= { rcIkeV2SAEntry 16 }
|
|
|
|
rcIkeV2SAInitiator OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
initiator(1),
|
|
responder(2)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "This object specifies whether the SA was
|
|
created by an Initiator or a Responder"
|
|
::= { rcIkeV2SAEntry 17 }
|
|
|
|
|
|
rcIkeV2SAIntegrityAlgorithm OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
md5(1),
|
|
sha1(2),
|
|
sha256(12),
|
|
aes-xcbc(5)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "This object specifies the integrity algorithm
negotiated for this IKEv2 SA."
|
|
::= { rcIkeV2SAEntry 18 }
|
|
|
|
END
|